Snort Active Checker
-
How would someone go about creating a Snort monitoring script? In a nutshell, if snort was to fail for any reason or whatever, create a script that would try to re-enable it, keep some sort of log, say try 3 times, then if it really won't work cancel the operation and stop.
I just wondered how someone would go about actually creating a script to do this?
-
#!/bin/sh
# Start snort if no process with that name is found.
SERVICE=snort
if P=$(/usr/bin/pgrep "$SERVICE")
then
    /bin/echo "$SERVICE is running, PID is $P"
else
    /usr/local/etc/rc.d/snort.sh start
fi
Run it via cron every minute.
-
Why would snort fail?
I have plans to use snort -T to test a config before trying to restart snort but still have not gotten to finish that.
-
Snort does not fail any more. I used that script during last week's test phases where it often crashed.
Just posted it because j.smith1981 asked.
-
Oh thank you ever so much for that, probably me being lazy as per usual to actually go back in and keep re-enabling it (or usually when I forget to check if it's running) ;D
Thank you ever so much and I will give that a whirl!
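-
An added example, not written by anyone in the thread: a cron-driven watchdog that combines the three-attempt limit and log asked for in the first post with the snort -T config check mentioned later. The pgrep and rc.d paths come from the posted script; the counter, log, config and snort binary paths are assumptions.

```sh
#!/bin/sh
# Added example, not from the thread. Values marked "assumed" are placeholders.
SERVICE=snort
MAX_TRIES=3
STATE=/var/run/snort-watchdog.count          # assumed path: failed-attempt counter
LOG=/var/log/snort-watchdog.log              # assumed path
CONF=/usr/local/etc/snort/snort.conf         # assumed path
# Commands are kept in variables so the logic can be exercised without Snort.
CHECK_CMD="/usr/bin/pgrep -x $SERVICE"       # -x: exact name, so the watchdog never matches itself
TEST_CMD="/usr/local/bin/snort -T -c $CONF"  # assumed binary path; -T only tests the config
START_CMD="/usr/local/etc/rc.d/snort.sh start"

log() { echo "$(date '+%Y-%m-%d %H:%M:%S') $*" >> "$LOG"; }

# Return codes: 0 running, 1 start attempted, 2 config rejected, 3 given up.
watchdog() {
    tries=$(cat "$STATE" 2>/dev/null || echo 0)
    case $tries in ''|*[!0-9]*) tries=0 ;; esac   # treat a corrupt counter as 0

    if $CHECK_CMD >/dev/null 2>&1; then
        if [ "$tries" -gt 0 ]; then log "$SERVICE is running again, counter reset"; fi
        echo 0 > "$STATE"
        return 0
    fi

    if [ "$tries" -ge "$MAX_TRIES" ]; then
        if [ "$tries" -eq "$MAX_TRIES" ]; then    # log the give-up once, then stay quiet
            log "giving up after $MAX_TRIES attempts; delete $STATE to re-arm"
            echo $((MAX_TRIES + 1)) > "$STATE"
        fi
        return 3
    fi

    tries=$((tries + 1))
    echo "$tries" > "$STATE"
    if ! $TEST_CMD >/dev/null 2>&1; then
        log "attempt $tries/$MAX_TRIES: config test failed, start skipped"
        return 2
    fi
    log "attempt $tries/$MAX_TRIES: $SERVICE not running, starting it"
    $START_CMD >/dev/null 2>&1 || log "attempt $tries/$MAX_TRIES: start command failed"
    return 1
}

# From cron: * * * * * /path/to/this/script run
if [ "${1:-}" = run ]; then watchdog; exit $?; fi
```

Because the counter lives in a file, the three attempts are spread over three cron runs, and a sensor that stays down leaves exactly one "giving up" line in the log to alert on.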